Aggregator

A vulnerability was found in WP All Export Pro Plugin up to 1.7.8 on WordPress. It has been declared as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument cc_sql leads to sql injection. This vulnerability was named CVE-2022-3395. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Usermin up to 1.850 and classified as critical. This issue affects some unknown processing of the component GPG Module. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2022-35132. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Free5gc 3.2.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-38870. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as problematic was found in LBStopAttack Plugin up to 1.1.2 on WordPress. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2022-3097. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Mitel MiCollab up to 9.5.0.101. Affected is an unknown function of the component Client Server. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2022-36451. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in PRTG Network Monitor up to 22.2.77.2204. It has been classified as problematic. Affected is an unknown function of the component Cascading Style Sheet Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-35739. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in STMicroelectronics. It has been classified as critical. Affected is an unknown function of the component stm32_mw_usb_host. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2021-42553. It is possible to launch the attack on the physical device. There is no exploit available.

Agentic AI Is More Than Just the Latest Cybersecurity Buzzword at RSAC Conference
At RSAC 2025, the message came through loud and clear: Agentic AI is no longer just a concept. It's being deployed today. While much of the buzz focused on performance gains and trust concerns, another story emerged - one that speaks directly to security professionals and those entering the field.

NIH, CMS Project Raises Patient Data Privacy Concerns, Advocates Say
The U.S. Department of Health and Human Services said it will build a data platform "allowing researchers to 'securely'" access data from Medicare and Medicaid claims, patient electronic medical records and consumer wearables to better understand autism spectrum disorder causes and treatments.

Masimo Told SEC Hack Affects On-Premises Systems, Operations and Distribution
A cyberattack against on-premises systems is affecting product manufacturing, fulfillment and distribution operations of Masimo, a manufacturer of patient monitoring devices, the California-based company told the U.S. Securities and Exchange Commission on Tuesday.

Funding Will Fuel R&D Push Into Automated Remediation and Risk Prioritization Tools
With code increasingly generated by AI and attackers using AI for exploits, OX Security raised $60 million to scale R&D and help developers prioritize critical vulnerabilities. The company aims to close detection gaps and reduce time-to-remediation in application security.

FIDO-Based Authentication to Replace SMS-Based Verification, Says UK NCSC
The U.K. government is set to replace SMS-based verification systems for digital services with passkeys later this year in a bid to shore-up cyber defenses. The authentication initiative is being developed by the U.K. National Cybersecurity Center using FIDO standards.

Agentic AI Is More Than Just the Latest Cybersecurity Buzzword at RSAC Conference
At RSAC 2025, the message came through loud and clear: Agentic AI is no longer just a concept. It's being deployed today. While much of the buzz focused on performance gains and trust concerns, another story emerged - one that speaks directly to security professionals and those entering the field.

Loss of 5% of Staff Is Cybersecurity Industry's Second-Largest Workforce Reduction
CrowdStrike plans to axe 500 employees as the endpoint security behemoth looks to operate more efficiently. Saying its use of AI technology "flattens our hiring curve," the company revealed plans to reduce its nearly 10,000-person staff by 5% to scale its business with more focus and discipline.

NCSC Expects Attack Volume by 'Advanced Threat Actors' to Rise Sharply by 2027
Proliferation of AI-enabled technology will widen access to offensive tools by nation-state groups and other hackers. The volume of attacks is expected to rise significantly by 2027, and British critical infrastructure will be a prime target, the National Cybersecurity Center said.

California Man Pleads Guilty to Two Felony Charges Related to Hacking Employee's PC
A California man agreed to plead guilty to hacking a Disney employee's personal computer and stealing over one terabyte of confidential company data. Authorities say the man posted a malicious artificial intelligence art application online and used it to steal an employee's credentials.

NIH, CMS Project Raises Patient Data Privacy Concerns, Advocates Say
The U.S. Department of Health and Human Services said it will build a data platform "allowing researchers to 'securely'" access data from Medicare and Medicaid claims, patient electronic medical records and consumer wearables to better understand autism spectrum disorder causes and treatments.

The 15th annual event helps countries test and develop defenses against current and emerging cyber threats, including disinformation, quantum computing, and AI.

European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?

Alleged Data Breach of Electro Depot